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Top Stories 

• The former New York State Assembly speaker was charged November 30 for 7 counts of 
honest services fraud, extortion, and money laundering after gaining $4 million in 
kickbacks. - New York Times (See item 9) 

• Plano, Texas officials reported November 30 that heavy rainfall and overflows in aged 
pipes caused more than 300,000 gallons of water to leak from 8 sewage spills over the 
weekend of November 28. - Dallas Morning News (See item 14 ) 

• An audit of the Louisiana State University (LSU) Health Care Services Division revealed 
November 30 that nearly $6 million in state-owned hospital equipment could not be located 
and over $15 million in equipment for the LSU Medical Center was not properly recorded. 
- Associated Press (See item 16 ) 

• Schneider Electric released updates for its ProClima product addressing a remote control 
execution (RCE) flaw that can enable a remote attacker to execute unauthorized code via 
ActiveX controls connected to Internet Explorer. - Securityweek (See item 23 ) 
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Energy Sector 



1. December 1, Salt Lake City Deseret News - (Utah ) 11,000 gallons of gasoline, butane 
and propane leak from pipeline in Summit County. Officials determined that 
approximately 1 1 ,000 gallons of gasoline, butane, and propane leaked from a pipeline 
in Summit County November 30 after the business that mixes the substances for 
distribution notified authorities when they discovered abnormally low tank levels. 
HAZMAT crews worked to contain the spill. 

Source: http://www.deseretnews.com/article/865642766/1100Q-gallons-of-gasoline- 
butane-and-propane-leak-from-pipeline-in-Summit-Countv.html 

2. December 1, U.S. Environmental Protection Agency - (National) EPA finalizes 
increases in Renewable Fuel Levels. The U.S. Environmental Protection Agency 
(EPA) announced November 30 that it set final volume requirements under the 
Renewable Fuel Standard (RFS) program for 2014 - 2016, and the final volume 
requirements for biomass-based diesel for 2014 - 2017. The volume requirements set 
by the EPA increased compared to volume levels produced in 2014. 

Source: 

http://vosemite.epa.gOv/opa/admpress.nsf/0/40608A3436BADB5085257F0D006C0436 

3. December 1, Associated Press - (Oklahoma) More than 47,000 remain without 
power in Oklahoma. Utility crews worked to restore power to 47,000 customers in 
Oklahoma that remained without service December 1 following an ice storm that 
knocked out electricity and forced the governor to issue a disaster declaration for all 77 
counties in the State. 

Source: http://www.tulsaworld.com/ap/state/more-than-remain-without-power-in- 
qklahqina/cyticle 9de0fl 40-42M-5n20-cb 1 f-22d7fa5 1 72e6jTtml 

4. November 30, Bloomberg News - (National) Anadarko ordered to pay $159.5 million 
for 2010 Gulf spill. Officials ordered Anadarko Petroleum Corp., to pay $159.5 
million November 30 for its role as part-owner of the Macondo well in the Gulf of 
Mexico involved in a 2010 oil blowout that spilled 3.19 million barrels of oil and killed 
1 1 people. 

Source: http://www.bloomberg.com/news/articles/2015-ll-30/anadarko-ordered-to- 
pay- 1 59-5 -million-for-20 1 0-gulf-spill 

For another story, see item 23 

Chemical Industry Sector 

See item 11 

Nuclear Reactors, Materials, and Waste Sector 

5. November 27, Peekskill Daily Voice - (New York) NRC issues inspection report on 
Indian Point Unit 3. The U.S. Nuclear Regulatory Commission completed its 
inspection of the Entergy-owned Indian Point Nuclear Generating Unit 3 in Cortlandt 
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November 27 and determined that the commitments reviewed for license renewal from 
an October 9 compliance agreement were appropriately implemented. 

Source: http://peekskill.dailvvoice.com/news/nrc-issues-inspection-report-on-indian- 
point-unit-3/605892/ 

Critical Manufacturing Sector 

6. November 30, U.S. Department of Labor - (Delaware) OSHA finds Seaford, 
Delaware, ice plant failed again to guard machinery, resulting in employee 
suffering amputation of both legs. Officials from the Occupational Health and Safety 
Administration reported November 30 that Seaford Ice Inc., in Delaware was cited with 
1 willful, 5 serious, and 3 other-than-serious safety violations for failing to protect 
workers from electrical and machine hazards without machine guards following a May 
2015 investigation that revealed 1 worker fell into an unguarded conveyor, resulting in 
the amputation of both of his legs below the knee. Proposed fines total $77,000. 

Source: 

https://www.osha.gov/pls/oshaweb/owadisp.show document?p table=NEWS RELEA 
SES&p id=29094 

For another story, see item 23 

Defense Industrial Base Sector 

Nothing to report 

Financial Services Sector 

7. December 1, InsideNoVa.com - (Virginia) Fairfax police arrest 4 in credit-card 
scheme. Fairfax County Police arrested 2 men November 23 for allegedly buying 21 
iPhone 6S Plus smartphones worth more than $19,000 with fraudulent credit cards at 
the Apple store in Tysons Comer Center shopping mall in Virginia. An investigation of 
the suspects’ vehicle led to the discovery of 241 fraudulent credit cards as well as the 
arrest of two more suspects involved in the scheme. 

Source: http://www.insidenova.com/news/crime police/fairfax/fairfax-police-arrest-in- 
credit-card-scheme/artiele 07d53 17e-9795-l Ie5-bc22-3b35b28f28ec.html 

8. November 30, U.S. Securities and Exchange Commission - (International) Standard 
Bank to pay $4.2 million to settle SEC charges. Officials from the U.S. Securities 
and Exchange Commission (SEC) reported November 30 that London-based Standard 
Bank Pic was charged with violating the Foreign Corrupt Practices Act by failing to 
disclose a payment of $6 million made by the Bank affiliate to a firm with no 
substantial role in a $600 million debt transaction with the Government of Tanzania in 
2013. The Bank agreed to pay the SEC $4.2 million in settlements and is also facing 
action on the part of the United Kingdom’s Serious Fraud Office. 

Source: http ://www . sec . gov/news/pressrelease/20 1 5 -268 .html 

9. November 30, New York Times - (New York) Ex-New York Assembly speaker, is 
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found guilty on all counts. The former speaker of the New York State Assembly was 
found guilty in New York City November 30 on 7 counts of honest services fraud, 
extortion, and money laundering for his role in a scheme in which he gained $4 million 
in kickbacks from a cancer research center and 2 real estate firms that he subsequently 
hid in Weitz & Luxenberg firm. 

Source: http://www.nvtimes.com/2015/12/01/nyregion/sheldon-silver-guilty- 
corruption-trial.html 

10. November 30, WWLP 22 Springfield - (Massachusetts) Florida man charged with 
wire fraud in western Mass. A Florida man was charged November 30 for his role in 
an investment scheme from 2008 - 2012 in which he falsely promised 23 investors 
inflated returns on $600,000 worth of investments of which he used some for personal 
gain. The suspect also wrote 40 bad checks worth nearly $1.8 million when investors 
asked for their money back. 

Source: http://wwlp.com/2015/ll/30/florida-man-charged-with- wire-fraud-in- western- 
mass/ 



Transportation Systems Sector 

11. December 1, WTHI 10 Terre Haute - (Indiana) Semi accident in Parke County 
caused 5,000 gallons of fertilizer to spill. Highway 41 in Parke County was closed for 
6 hours November 30 while crews cleaned up 5,000 gallons of a water-based nitrogen 
fertilizer that spilled after a semi-truck overturned. The driver was transported to an 
area hospital with injuries and officials believe further clean-up will require the 
periodic closure of that portion of Highway 41 . 

Source: http://wthitv.com/2015/12/01/semi-accident-in-parke-countv-caused-5000- 
gallons-of-fertilizer-to-spill/ 

12. December 1, KTXS 12 Sweetwater - (Texas) Train derails near downtown 
Brownwood, cleanup continues. Crew are working to repair train tracks after 6 BNSF 
rail cars carrying silica sand and a food grade product derailed under the Truman 
Harlow Overpass on Highway 377 in Brownwood November 30, prompting several 
surrounding street to be closed through December 1. Repairs are scheduled to be 
completed by December 1. 

Source: http://www.ktxs.com/news/six-railcars-derail-near-downtown-brownwood-no- 
iniuries-reported/36729172 

13. November 30, Miami News-Record - (Oklahoma) Head-on collision with dump truck 
on Hwy. 125 leaves one injured. State Highway 137 in Ottawa County was closed for 
approximately 2 hours November 30 following a fatal 2-vehicle accident that left 1 
person dead. 

Source: http://www.miamiok.com/article/20151130/NEWS/151139959 



Food and Agriculture Sector 

Nothing to report 
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Water and Wastewater Systems Sector 



14. November 30, Dallas Morning News - (Texas) Several sewage spills over weekend 
did not harm Plano’s public water supply, city says. Plano officials reported 
November 30 that more than 300,000 gallons of water leaked from 8 sewage spills over 
the weekend of November 28, prompted by heavy rainfall and overflows in aged 
underground pipes. Authorities reported that the pipes would be repaired and that there 
was no threat to public drinking water. 

Source: http://planoblog.dallasnews.com/2015/ll/several-sewage-spills-over-weekend- 
did-not-harm-planos-public-water-supply-citv-savs.html/ 

Healthcare and Public Health Sector 

15. November 30, Minneapolis Star Tribune - (International) Medtronic recalls InSync 
III pacemakers due to power-failure problem. The U S. Food and Drug 
Administration announced November 27 that Medtronic issued a recall for nearly 
100,000 units of its InSync HI pacemaker products due to an unexpected power failure 
problem found affecting three models. The company announced that at least 30 devices 
were affected by the issue. 

Source: http://www.startribune.com/medtronic-recalls-insvnc-iii-pacemakers-due-to- 
battery-issue/35 8905 821/ 



16. November 30, Associated Press - (Louisiana) $6 million in equipment missing from 
state hospitals, audit says. An audit of the Louisiana State University (LSU) Health 
Care Services Division conducted by the State’s legislative auditor was released 
November 30 and found that nearly $6 million in state-owned hospital equipment could 
not be located and that over $15 million in equipment bought for the LSU Medical 
Center in New Orleans was not properly recorded and tagged before it was turned over 
to the hospital operator. LSU stated that it is working to locate and properly tag all 
medical equipment purchased. 

Source: 

http://www.nola.eom/health/index.ssf/2015/ll/6 million in equipment missing.html 

17. November 30, U.S. Food and Drug Administration - (International) Bestmed, LLC 
issues nationwide recall of Digital Temple Thermometer (DTT), Model No. KD- 
2201 manufactured by K-Jump Health Co., Ltd. The U.S. Food and Drug 
Administration announced November 30 that Bestmed, LLC initiated a nationwide 
recall November 12 for its Digital Temple Thermometer (DTT) Model No. KD-2201, 
products manufactured by K-Jump Health Co., Ltd., due to a manufacturing issue that 
causes the thermometers to give inaccurate temperature readings. Consumers were 
advised to immediately stop using the device. 

Source: http://www.fda.gov/Safety/Recalls/ucm474774.htm 

Government Facilities Sector 

18. December 1, Oklahoma City Oklahoman - (Oklahoma) Linwood Elementary remains 
closed Tuesday due to power outage in northwest Oklahoma City. Linwood 
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Elementary School in Oklahoma City remained closed December 1 due to a power 
outage that also forced the cancellation of classes November 30. 

Source: http://newsok.com/article/5463922 

19. November 30, Dallas Morning News - (Texas) Brookhaven College reopens after 
power outage canceled classes Monday. Brookhaven College in Texas reopened 
December 1 after day and evening classes were cancelled November 30 due to a power 
failure. 

Source: http://thescoopblog.dallasnews.eom/2015/l 1/brookhaven-college-to-reopen- 
tuesday-after-power-outage-canceled-classes-today.html/ 

20. November 30, KBTX 3 Bryan/College Station - (Texas) All clear given after bomb 
threat at Brazos County Courthouse. Brazos County Courthouse in Bryan was 
evacuated and closed November 30 while police searched the building following a 
phoned bomb threat. Officials cleared the scene once nothing suspicious was found. 
Source: http://www.kbtx.com/home/headlines/Brazos-County-Courthouse-Evacuated- 
Following-Threat-35897931 l.html 

21. November 30, KOIN 6 Portland - (Oregon) Four fires at Madison High School 
connected, ruled arson. Officials announced that 2 fires at Madison High School in 
Portland, which caused an evacuation and dismissal November 30, were ruled arson 
and connected to 2 other fires at the school the week of November 23. Authorities 
announced that the total amount of damage was an estimated $50,000 and believe that 
the fires were started by one or more students. 

Source: http://koin.eom/2015/l 1/30/2-fires-hit-madison-hs-students-dismissed/ 

Emergency Services Sector 

Nothing to report 

Information Technology Sector 

22. December 1, Securityweek - (International) Unpatched flaws allow hackers to 
compromise Belkin routers. A researcher discovered multiple vulnerabilities affecting 
Belkin’s N150 wireless home routers, including an HTML/script injection that affects 
the “language” parameter present and causes the device’s web interface to become 
inoperable; a session hijacking vulnerability that allows an attacker to easily obtain data 
through a brute force attack due to the fixed state of the session ID as a hexadecimal 
string; and a remote control access flaw that allows an attack to gain root privileges, 
among other vulnerabilities. 

Source: http://www.securityweek.com/unpatched-flaws-allow-hackers-compromise- 
belkin-routers 

23. December 1, Securityweek - (International) Schneider patches RCE flaws in 
ProClima software. Schneider Electric released security updates for its ProClima 
product addressing a series of vulnerabilities, including a remote control execution 
(RCE) flaw that can enable a remote attacker to execute unauthorized code via ActiveX 
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controls connected to the Internet Explorer web browser. The products were distributed 
to the U.S. and Europe and affect sectors such as energy, critical manufacturing, and 
commercial facilities. 

Source: http://www.securitvweek.com/schneider-patches-rce-fiaws-proclima-software 

24. December 1, Securityweek - (International) Videofied Alarm System flaws allow 
hackers to intercept data. Researchers from U.K.-based Cybergibbons identified high 
severity vulnerabilities in RSI Video Technologies’ Videofied alarm systems including 
the CVE-2015-8252 and CVE-2015-8253 flaws that allows remote attackers to obtain 
the device’s authentication key from its serial number transmitted through plain text 
and enables hackers to spoof alarms and intercept data including messages and videos 
in the form of plain text and MJPEG files. The vulnerabilities affect devices sold in 
over 70 countries. 

Source: http://www.securityweek.com/videofied-alarm-svstem-flaws-allow-hackers- 
intercept-data 

25. November 30, Securityweek - (International) OpenSSL to patch several 
vulnerabilities. The OpenSSL Project announced November 30 that it will be releasing 
scheduled updates December 3 addressing several OpenSSL vulnerabilities, including 
several threats ranging from low to high security levels including flaws that can be 
exploited remotely to compromise server private key, vulnerabilities that disclose 
contents of server memory, and flaws where remote code execution is possible in 
common situations. 

Source: http://www.securitvweek.com/openssl-patch-several-vulnerabilities 

Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 



Communications Sector 

26. December 1, WDTN 2 Dayton - (National) Time Warner Cable recovering from 
massive outage. Time Warner Cable worked to restore Internet and cable services 
December 1 following a reported outage that affected over 16,000 customers across 
several States November 30. 

Source: http://wdtn.com/2015/ll/30/time-warner-cable-reporting-massive-outage/ 

Commercial Facilities Sector 

27. December 1, WPLG 10 Miami - (Florida) Fire forces hundreds from apartment 
building near FIU. A grease fire at 109 Tower, an off-campus apartment building in 
Miami-Dade County, prompted hundreds of students to evacuate December 1 after the 
fire began on the 10 th floor of the building and caused floor and water damage. No 
injuries were reported. 
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Source: http://www.locallO.com/news/fire-forces-hundreds-from-apartment-building- 
near-fiu/36731552 



28. December 1, KTRK 13 Houston - (Texas) Dollar store fire under investigation in 
Tomball. Officials are investigating a fire that occurred at the Dollar Tree store and 
spread to neighboring businesses in Tomball, Texas December 1. No injuries were 
reported, but the fire caused smoke and water damage to both the Dollar Tree store and 
nearby businesses. 

Source: http://abcl3.com/news/dollar-store-fire-under-investigation-in- 
tomball/ 1105012/ 



For additional stories, see items 7 and 23 

Dams Sector 



Nothing to report 
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NTAS 



NO ACTIVE ALERTS 
wwvv.DHS.gov/alerts 



Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday 
through Friday] summary of open-source published information concerning significant critical 
infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for 10 days on 
the Department of Homeland Security Web site: http://www.dhs.gov/lPDailvReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support@govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert.gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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